#!/bin/bash
# {{ ansible_managed }}
#
# chkconfig:   2345 95 95
# description: Vault secret management tool
# processname: vault
# pidfile: /var/run/vault/pidfile

{% if ansible_distribution == "Ubuntu" %}
. /lib/lsb/init-functions
{% else %}
. /etc/init.d/functions
{% endif %}

VAULT="{{ vault_bin_path }}/vault"
CONFIG="{{ vault_config_path }}"
PID_FILE=/var/run/vault/vault.pid

[ -e /etc/sysconfig/vault ] && . /etc/sysconfig/vault

export GOMAXPROCS=$(nproc)

mkrundir() {
        [ ! -d /var/run/vault ] && mkdir -p /var/run/vault
        chown {{ vault_user }} /var/run/vault
}

KILLPROC_OPT="-p ${PID_FILE}"
mkpidfile() {
        mkrundir
        [ ! -f $PID_FILE ] && pidofproc $VAULT > $PID_FILE
        chown {{ vault_user }} /var/run/vault
        if [ $? -ne 0 ] ; then
            rm $PID_FILE
            KILLPROC_OPT=""
        fi
}

start() {
        echo -n "Starting vault: "
        {% if vault_http_proxy -%}
        export HTTP_PROXY={{ vault_http_proxy }}
        {% endif -%}
        {% if vault_https_proxy -%}
        export HTTPS_PROXY={{ vault_https_proxy }}
        {% endif -%}
        {% if vault_no_proxy -%}
        export NO_PROXY={{ vault_no_proxy }}
        {% endif -%}
        mkrundir
        [ -f $PID_FILE ] && rm $PID_FILE
        daemon --user={{ vault_user }} \
            --pidfile="$PID_FILE" \
            "$VAULT" server -config={{ vault_config_path if vault_use_config_path else vault_main_config }} {% if vault_log_level is defined %}-log-level={{ vault_log_level | lower }}{% endif %} {{ vault_exec_output }} &
        retcode=$?
        touch /var/lock/subsys/vault
        return $retcode
}

stop() {
        echo -n "Shutting down vault: "
        if ("${VAULT}" info 2>/dev/null | grep -q 'server = false' 2>/dev/null) ; then
            "$VAULT" leave
        fi

        mkpidfile
        killproc $KILLPROC_OPT $VAULT -9

        retcode=$?
        rm -f /var/lock/subsys/vault $PID_FILE
        return $retcode
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        "$VAULT" info
        ;;
    restart)
        stop
        start
        ;;
    reload)
        mkpidfile
        killproc $KILLPROC_OPT $VAULT -HUP
        ;;
    condrestart)
        [ -f /var/lock/subsys/vault ] && restart || :
        ;;
    *)
        echo "Usage: vault {start|stop|status|reload|restart}"
        exit 1
        ;;
esac
exit $?
